[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 5 21:12:29 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e6ed021b by security tracker role at 2024-06-05T20:11:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,115 @@
+CVE-2024-5629 (An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier ...)
+ TODO: check
+CVE-2024-5571 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed You ...)
+ TODO: check
+CVE-2024-5536 (The GamiPress \u2013 Link plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2024-5526 (Grafana OnCall is an easy-to-use on-call management tool that will hel ...)
+ TODO: check
+CVE-2024-5459 (The Restaurant Menu and Food Ordering plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2024-5184 (The EmailGPT service contains a prompt injection vulnerability.The ser ...)
+ TODO: check
+CVE-2024-5037 (A flaw was found in OpenShift's Telemeter. If certain conditions are i ...)
+ TODO: check
+CVE-2024-4821 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...)
+ TODO: check
+CVE-2024-4812 (A flaw was found in the Katello plugin for Foreman, where it is possib ...)
+ TODO: check
+CVE-2024-4743 (The LifterLMS \u2013 WordPress LMS Plugin for eLearning plugin for Wor ...)
+ TODO: check
+CVE-2024-4009 (Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BC ...)
+ TODO: check
+CVE-2024-4008 (FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (ve ...)
+ TODO: check
+CVE-2024-4001 (The Download Manager plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2024-3716 (A flaw was found in foreman-installer when puppet-candlepin is invoked ...)
+ TODO: check
+CVE-2024-3469 (The GP Premium plugin for WordPress is vulnerable to Reflected Cross-S ...)
+ TODO: check
+CVE-2024-36837 (SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker ...)
+ TODO: check
+CVE-2024-36670 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-36669 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-36668 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-36667 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-36129 (The OpenTelemetry Collector offers a vendor-agnostic implementation on ...)
+ TODO: check
+CVE-2024-35674 (Missing Authorization vulnerability in Unlimited Elements Unlimited El ...)
+ TODO: check
+CVE-2024-35673 (Cross-Site Request Forgery (CSRF) vulnerability in Pure Chat by Ruby P ...)
+ TODO: check
+CVE-2024-31631
+ REJECTED
+CVE-2024-31630
+ REJECTED
+CVE-2024-31629
+ REJECTED
+CVE-2024-31628
+ REJECTED
+CVE-2024-31627
+ REJECTED
+CVE-2024-31626
+ REJECTED
+CVE-2024-31625
+ REJECTED
+CVE-2024-31624
+ REJECTED
+CVE-2024-31623
+ REJECTED
+CVE-2024-31622
+ REJECTED
+CVE-2024-28818 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
+ TODO: check
+CVE-2024-27382 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
+ TODO: check
+CVE-2024-27381 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
+ TODO: check
+CVE-2024-27380 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
+ TODO: check
+CVE-2024-27379 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
+ TODO: check
+CVE-2024-27378 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
+ TODO: check
+CVE-2024-27377 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
+ TODO: check
+CVE-2024-27376 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
+ TODO: check
+CVE-2024-27375 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
+ TODO: check
+CVE-2024-27374 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
+ TODO: check
+CVE-2024-27373 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
+ TODO: check
+CVE-2024-27372 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
+ TODO: check
+CVE-2024-27371 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
+ TODO: check
+CVE-2024-27370 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
+ TODO: check
+CVE-2024-20405 (A vulnerability in the web-based management interface of Cisco Finesse ...)
+ TODO: check
+CVE-2024-20404 (A vulnerability in the web-based management interface of Cisco Finesse ...)
+ TODO: check
+CVE-2024-1662 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2024-1272 (Inclusion of Sensitive Information in Source Code vulnerability in TNB ...)
+ TODO: check
+CVE-2023-6734
+ REJECTED
+CVE-2023-50804 (An issue was discovered in Samsung Mobile Processor, Automotive Proces ...)
+ TODO: check
+CVE-2023-50803 (An issue was discovered in Samsung Mobile Processor, Automotive Proces ...)
+ TODO: check
+CVE-2023-49928 (An issue was discovered in Samsung Mobile Processor, Automotive Proces ...)
+ TODO: check
+CVE-2023-49927 (An issue was discovered in Samsung Mobile Processor, Automotive Proces ...)
+ TODO: check
CVE-2024-5636 (A vulnerability was found in itsourcecode Bakery Online Ordering Syste ...)
NOT-FOR-US: Bakery Online Ordering System
CVE-2024-5635 (A vulnerability was found in itsourcecode Bakery Online Ordering Syste ...)
@@ -407,7 +519,7 @@ CVE-2024-5387
REJECTED
CVE-2024-5214
REJECTED
-CVE-2024-5171
+CVE-2024-5171 (Integer overflow in libaom internal functionimg_alloc_helper can lead ...)
- aom 3.8.2-3
NOTE: https://issues.chromium.org/issues/332382766
NOTE: https://aomedia.googlesource.com/aom/+/19d9966572a410804349e1a8ee2017fed49a6dab
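Review bot: the imported description reads `internal functionimg_alloc_helper`, a missing space inherited from the upstream CVE text; since descriptions are auto-imported this is cosmetic and does not need a manual edit, but it is worth reporting upstream so later refreshes do not carry it again. The fixed version `aom 3.8.2-3` and the two NOTE links are unchanged by this hunk.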
@@ -820,7 +932,7 @@ CVE-2024-22058 (A buffer overflow allows a low privilege user on the local machi
NOT-FOR-US: Ivanti
CVE-2024-1980
REJECTED
-CVE-2024-1275 (Use of Default Cryptographic Key vulnerability in Baxter Welch Ally Co ...)
+CVE-2024-1275 (Use of Default Cryptographic Key vulnerability in Baxter Welch Allyn C ...)
NOT-FOR-US: Baxter Welch Ally Connex Spot Monitor
CVE-2023-7073 (The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is ...)
NOT-FOR-US: WordPress plugin
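Review bot: the description line is corrected to "Welch Allyn", but the NOT-FOR-US line directly below it still reads "Baxter Welch Ally Connex Spot Monitor"; update it to the same spelling so a search for the product name matches both lines of the entry.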
@@ -884,7 +996,7 @@ CVE-2024-5498 (Use after free in Presentation API in Google Chrome prior to 125.
- chromium 125.0.6422.141-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5497 (Out of bounds memory access in Keyboard Inputs in Google Chrome prior ...)
+CVE-2024-5497 (Out of bounds memory access in Browser UI in Google Chrome prior to 12 ...)
{DSA-5701-1}
- chromium 125.0.6422.141-1
[bullseye] - chromium <end-of-life> (see #1061268)
@@ -10275,7 +10387,7 @@ CVE-2023-52654 (In the Linux kernel, the following vulnerability has been resolv
[bullseye] - linux 5.10.205-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/705318a99a138c29a512a72c3e0043b3cd7f55f4 (6.7-rc5)
-CVE-2024-24790
+CVE-2024-24790 (The various Is methods (IsPrivate, IsLoopback, etc) did not work as ex ...)
- golang-1.22 1.22.4-1
- golang-1.21 1.21.11-1
- golang-1.19 <removed>
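Review bot: the fixed versions visible for this entry are unstable uploads only (golang-1.22 1.22.4-1, golang-1.21 1.21.11-1) plus `golang-1.19 <removed>`, and `<removed>` records unstable status alone; any stable release that still ships golang-1.19 needs its own `[codename] - golang-1.19 ...` line in the style of the [bullseye]/[buster] annotations used elsewhere in this file, and the three context lines do not show one, so confirm it exists below the visible context. The truncated description also never names the package the Is methods belong to; a NOTE pointing at the upstream fix would help triagers.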
@@ -10283,7 +10395,7 @@ CVE-2024-24790
- golang-1.11 <removed>
NOTE: https://groups.google.com/g/golang-announce/c/XbxouI9gY7k
NOTE: https://github.com/golang/go/issues/67680
-CVE-2024-24789
+CVE-2024-24789 (The archive/zip package's handling of certain types of invalid zip fil ...)
- golang-1.22 1.22.4-1
- golang-1.21 1.21.11-1
- golang-1.19 <removed>
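Review bot: same shape as CVE-2024-24790 above: only unstable fixed versions and `golang-1.19 <removed>` are visible, so confirm the per-release golang-1.19 annotations exist below the context. Note also that the two NOTE lines in this hunk (the golang-announce thread and issue 67680) precede the CVE-2024-24789 header and therefore belong to the previous entry; check that CVE-2024-24789 carries its own NOTE for the archive/zip fix rather than relying on its neighbour's references.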
@@ -10440,7 +10552,7 @@ CVE-2024-4345 (The Startklar Elementor Addons plugin for WordPress is vulnerable
NOT-FOR-US: WordPress plugin
CVE-2024-34523 (AChecker 1.5 allows remote attackers to read the contents of arbitrary ...)
NOT-FOR-US: AChecker
-CVE-2024-34517 (The Cypher component in Neo4j before 5.19.0 mishandles IMMUTABLE privi ...)
+CVE-2024-34517 (The Cypher component in Neo4j between v.5.0.0 and v.5.19.0 mishandles ...)
NOT-FOR-US: Neo4j Cypher
CVE-2024-34342 (react-pdf displays PDFs in React apps. If PDF.js is used to load a mal ...)
NOT-FOR-US: react-pdf
@@ -13415,6 +13527,7 @@ CVE-2024-0334 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Store
CVE-2023-7241 (Privilege Escalationin WRSA.EXE in Webroot Antivirus 8.0.1X- 9.0.35.12 ...)
NOT-FOR-US: Webroot Antivirus
CVE-2023-49606 (A use-after-free vulnerability exists in the HTTP Connection Headers p ...)
+ {DSA-5705-1}
- tinyproxy 1.11.1-4 (bug #1070395)
[buster] - tinyproxy <postponed> (Not exploitable easily for RCE; but fix with next update)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889
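Review bot: with DSA-5705-1 now recorded for this use-after-free, the [buster] rationale "Not exploitable easily for RCE; but fix with next update" should be revisited: the issue was judged worth a stable advisory, so the `<postponed>` marker for buster, and any bookworm/bullseye lines below the visible context, should be reconciled with the DSA.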
@@ -23554,7 +23667,7 @@ CVE-2023-51571 (Voltronic Power ViewPower Pro SocketService Missing Authenticati
CVE-2023-51570 (Voltronic Power ViewPower Pro Deserialization of Untrusted Data Remote ...)
NOT-FOR-US: Voltronic Power ViewPower Pro
CVE-2024-28219 (In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists bec ...)
- {DLA-3786-1}
+ {DSA-5704-1 DLA-3786-1}
- pillow 10.3.0-1
NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security
NOTE: https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061 (10.3.0)
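Review bot: the advisory set becomes `{DSA-5704-1 DLA-3786-1}`, but this commit touches only data/CVE/list (the header lists one changed file), so confirm that the matching CVE-2024-28219 line in data/DSA/list carries the bookworm fixed version; the context here shows only the unstable `pillow 10.3.0-1`.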
@@ -41202,7 +41315,7 @@ CVE-2023-50694 (An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote a
CVE-2023-50693 (An issue in Jester v.0.6.0 and before allows a remote attacker to send ...)
NOT-FOR-US: dom96 Jester
CVE-2023-50447 (Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Executi ...)
- {DLA-3724-1}
+ {DSA-5704-1 DLA-3724-1}
- pillow 10.2.0-1 (bug #1061172)
NOTE: https://duartecsantos.github.io/2023-01-02-CVE-2023-50447/
NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#imagemath-eval-restricted-environment-keys
@@ -55360,7 +55473,7 @@ CVE-2023-46352 (In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Fac
CVE-2023-46176 (IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated ...)
NOT-FOR-US: IBM
CVE-2023-44271 (An issue was discovered in Pillow before 10.0.0. It is a Denial of Ser ...)
- {DLA-3768-1}
+ {DSA-5704-1 DLA-3768-1}
- pillow 10.0.0-1
NOTE: https://github.com/python-pillow/Pillow/pull/7244
NOTE: https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7 (10.0.0)
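Review bot: DSA-5704-1 is added to three Pillow entries in this commit whose unstable fixes span three upstream releases (10.0.0 here, 10.2.0 for CVE-2023-50447, 10.3.0 for CVE-2024-28219) and three different DLAs; since one advisory rolls them up, double-check that the DSA record lists all three CVE ids with the same bookworm fixed version so the per-release view stays consistent.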
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6ed021ba25e449b72993ede49b475c024aa8f20